Open Redirect
URL redirection or open redirect.
Vulnerability Name: Open redirect on [Parameter] at [Domain name]
Vulnerability Description: An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.

[Don't forget to add your vulnerability description, the one given above is a general description]

Payload: [Malicious payload]
Steps to Reproduce:
  1. 1.
    Go to the [URL]
  2. 2.
    Now change the value of [vulnerable param] to attacker.com
  3. 3.
    You will be redirected to the attacker-controlled domain.
Proof-of-concept: Snapshots or video link attached.
Impact:
  1. 1.
    It can lead to a Phishing attack.
  2. 2.
    An attacker might forcefully download the malware on the victim's machine by redirecting the victim to the attacker's server.
Attack Scenario: Here an attacker can intentionally send the URL to the victim as a part of an email or even a message. As the link starts with the legit domain victim will have no idea of a redirection.

[The above was a basic attack scenario you need to alter it according to the Workflow]

Remediation: If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behavior can be avoided in two ways:
  • Remove the redirection function from the application, and replace links to it with direct links to the relevant target URLs.
  • Maintain a server-side list of all URLs that are permitted for redirection. Instead of passing the target URL as a parameter to the redirector, pass an index into this list.
Copy link
Outline